S'pore vulnerabilities are no different from those of other nations: Commissioner of Cybersecurity
Singapore's Cyber Security Agency's (CSA) chief executive David Koh warns that in this realm, the Republic's vulnerabilities are no different from those of any other nation.
'Train systems can be disrupted, power plants, water systems. It will move to a new dimension, where you will encounter real-world harms that will affect all of us,' he said.
Mr Koh, who is also the country's first Commissioner of Cybersecurity, holds legal authority to investigate cyber threats and incidents, ensuring the continuity of essential services during cyber attacks.
'When we first started, the majority of threats were straightforward – web face defacements, DDoS (distributed denial of service) attacks. They were a bit more like digital graffiti,' said the former defence specialist in the armed forces, who has been CSA's chief executive since its founding 10 years ago. July 18 marks its 10th anniversary.
These threats have grown in complexity as the economy has become more interconnected through the use of digital services. That means the agency has had to extend its umbrella, working with the private sector, to cover the man in the street.
For instance, in 2024, CSA partnered with Google to launch Google Play Protect, which blocks malicious apps once detected. Google has since introduced the feature to places such as Brazil, India, South Africa, the Philippines, Thailand and Hong Kong.
Mr Koh said that such a partnership would have been unimaginable 10 years ago.
Today, besides chairing the United Nations' Open-Ended Working Group on cyber security, Singapore is also passing on its knowledge to its Asean neighbours and countries such as Japan, which is in the process of passing cyber-security laws.
'It is in Singapore's interest to support the international rules-based system; not just physical trade, but goods and services are increasingly also being transacted digitally,' Mr Koh said.
Countries justifiably want control of their national security and have different tolerance levels for personal data sharing, he said, noting that interoperability can still be achieved.
Singapore, Britain, Germany and Australia also co-lead the International Counter Ransomware Initiative.
Singapore businesses, despite CSA's advice to refuse ransomware demands, routinely cave in, according to surveys. High-profile ransomware cases here in 2024 included those of law firm Shook Lin & Bok, the Jumbo Group and Mustafa. Recent polls by global security services firms Bitdefender and Sophos found that companies here are more likely than their global peers to keep silent about security breaches and pay up, and are less likely to negotiate the amounts.
But there are no plans to legislate ransomware reporting, which is now voluntary. 'Cyber security, ultimately, is a risk management issue. It is not possible for us to mandate a standard of cyber security for everybody. It's not a one-size-fits-all,' Mr Koh said.
Instead, the CSA hopes to raise reporting by working with the Singapore Business Federation to offer help to victims.
With 70 per cent of companies that support the country's essential services coming from the private sector, the CSA has, over the years, evolved to assist businesses on security issues and work on training and professional standards.
From about 70 employees when it started, the outfit has since grown to a headcount of around 500.
Singapore was one of the first countries to establish a cyber-security agency and one of the first to have a Cybersecurity Act, which was enacted in 2018. The US, Britain, France and Australia were other leaders in the domain then.
CSA's sphere now includes scams, national threats, cyber-security certifications and data security, which it works on with other government agencies, businesses and institutes of education and training.
Singapore ranks well in cyber maturity compared with many countries, but the issue is how it compares with a determined attacker, Mr Koh said, urging Singaporeans to play a part.
'The weakest link can be the company that doesn't patch its software, uses weak passwords, or the supplier in the supply chain who makes a mistake, who doesn't take cyber security seriously. It could be the employee who clicks on the phishing e-mail, or the individual customer who comes in and has unsafe practices,' he said.
Sometimes, extra security comes with friction.
'You need to recognise that this is a trade-off between convenience and security. Sometimes, it also translates into a little bit more cost. We must be willing to pay this cost,' Mr Koh said.
Source: The Straits Times © SPH Media Limited. Permission required for reproduction
Discover how to enjoy other premium articles here
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
a few seconds ago
- Yahoo
Tech Mahindra joins J.P. Morgan Payments System Integrator Program
Indian IT major Tech Mahindra has announced its participation in the J.P. Morgan Payments System Integrator Program, which focuses on enhancing payment systems. The programme aims to assist clients in developing 'comprehensive' payment strategies by integrating J.P. Morgan Payments solutions with the expertise of professional service partners. This initiative is part of the J.P. Morgan Payments Partner Network, which includes over 80 third-party relationships to address various customer needs for payment solutions. In this role, Tech Mahindra will contribute to the global deployment of J.P. Morgan Payments' solutions, utilising its capabilities and presence across different industries and regions. J.P. Morgan Payments offers a combination of treasury services, trade and working capital, and card and merchant services, facilitating payments in multiple currencies worldwide. The firm processes over $10tn in payments daily, operating in more than 160 countries and dealing with over 120 currencies. By joining the programme, Tech Mahindra will apply its expertise in real-time payments, data reconciliation, and enterprise resource planning (ERP) implementations for clients globally. With experience in over 1,800 SAP implementations, Tech Mahindra's capabilities in enterprise transformation, alongside J.P. Morgan Payments' infrastructure, are expected to assist organisations in improving their financial operations. The collaboration aims to provide businesses with near real-time tracking, enhanced reporting, and improved functionality for business dashboards, utilising advancements in SAP's Generative AI and Build Process Automation. J.P. Morgan Payments Enterprise Application Solutions global head Sam Yen stated: "This collaboration will allow us to offer clients the stability and resiliency of J.P. Morgan Payments combined with Tech Mahindra's technology expertise to help them build future-ready experiences that accelerate their business growth." Last month, Conferma integrated J.P. Morgan Payments' virtual card solutions into its European services. "Tech Mahindra joins J.P. Morgan Payments System Integrator Program " was originally created and published by Electronic Payments International, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
a few seconds ago
- Yahoo
Bybit and Cactus Custody launch secure trading solution
Bybit, the world's second-largest cryptocurrency exchange by trading volume, has formed a strategic partnership with Cactus Custody, an Asia-based digital asset custodian owned by the Matrixport Group. The collaboration delivers a new off-exchange settlement solution via Cactus Oasis, with the service expected to launch on July 28, 2025. This integration is specifically designed for institutional and professional clients, allowing them to trade on Bybit without having to pre-fund exchange accounts. In order to lower counterparty risk and preserve access to market liquidity, clients place collateral into Cactus Custody, where assets are kept in completely segregated, regulated custody and only moved to Bybit at the point of trade settlement. Shunyet Jan, head of institutional and derivatives at Bybit stated: "Bybit is committed to providing institutions with a secure and efficient trading environment. The integration of Cactus Oasis gives our clients more flexibility in managing liquidity without compromising asset protection. Furthermore, the new approach ensures that institutional clients maintain complete control over their assets until the precise moment of deal execution. This enables institutions to achieve internal governance standards while optimising capital usage and risk management systems. Cactus Custody's security infrastructure comprises a layered wallet system that combines hot and cold storage. The platform integrates hardware security module (HSM) encryption with institutional-grade cold storage protocols. It also has Deloitte SOC 1 Type 1 and SOC 2 Type 2 certifications and operates under Hong Kong Monetary Authority licenses, ensuring that it meets stringent industry standards. Furthermore, Cactus Oasis offers cross-platform custody through its own Buffer accounts. This structure speeds asset transfers across exchanges, allowing for better risk controls and settlement automation. Dual- and pre-authorisation modes, customisable workflows, and role-based access are among the features that ensure strict compliance with the KYC (Know Your Customer), KYB (Know Your Business), and KYT (Know Your Transaction) protocol. Wendy Jiang, General Manager of Cactus Custody shared: "This integration with Bybit addresses institutional demands for secure custody, risk reduction, and efficient post-trade settlement. It represents a meaningful step in advancing digital asset trading infrastructure and driving institutional adoption." The relationship is especially crucial for Asia-Pacific institutions, where legal certainty, capital flexibility, and solid risk management are essential for long-term institutional participation in digital assets. Bybit and Cactus Custody have both said that their joint objective is to promote the institutionalisation of cryptocurrency markets with compliant, transparent, and scalable infrastructure. This integration is expected to play a critical role in encouraging broader institutional adoption globally. "Bybit and Cactus Custody launch secure trading solution" was originally created and published by Private Banker International, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
a few seconds ago
- Yahoo
IQ-EQ acquires fund platform Gordian Capital
Astorg portfolio company IQ-EQ has announced the acquisition of Gordian Capital, an institutional cross-border fund platform and solutions provider in Asia. The transaction has received the necessary regulatory approvals from the Monetary Authority of Singapore and the Securities and Futures Commission of Hong Kong, and is anticipated to close soon, subject to standard closing conditions. This move aims to enhance IQ-EQ's service offerings to a diverse clientele, which includes global and regional asset managers, sovereign wealth funds, development finance institutions, family offices, and corporations involved in various investment strategies such as private equity, real estate, and hedge funds. IQ-EQ Group CEO Mark Pesco said: 'This acquisition represents a significant milestone in IQ-EQ's growth strategy, further solidifying our strong market position in the Asia Pacific region. 'Asia has long been a key region for IQ-EQ, and the addition of Gordian Capital, alongside our recent acquisition of AMAL Group, underscores our commitment to expanding our presence and capabilities in this dynamic market.' Founded in 2004 in the Cayman Islands and establishing a presence in Singapore in 2005, Gordian Capital operates with a team of 77 professionals across offices in Singapore, Tokyo, Hong Kong, Shanghai, and Melbourne. The firm currently manages assets worth $17bn, with 96% sourced from institutional investors. The acquisition will facilitate Gordian's planned expansion into the Middle East, pending approval from the Dubai Financial Services Authority. Mark Voumard, CEO and co-founder of Gordian, will continue to lead the firm and will integrate into IQ-EQ's senior leadership team in Asia. Gordian Capital will operate under its existing name as part of IQ-EQ until the second quarter of 2026, when it will undergo rebranding. Voumard said: 'I'm delighted to announce this game-changing deal, which we at Gordian feel is a perfect strategic fit for our business. 'We were attracted to IQ-EQ not just for its impressive market leadership but their firm wide focus on people and delivering best in class client service excellence sealed the deal.' In May this year, IQ-EQ acquired South Watch from Everlane Equity Partners and key employee shareholders. South Watch specialises in fund administration, outsourced CFO services, and tax preparation for hedge fund managers in the US and Cayman Islands. "IQ-EQ acquires fund platform Gordian Capital" was originally created and published by Private Banker International, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.
